Technical Information
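- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AA38' = 'regsvr32.exe /s "%APPDATA%\Microsoft\A9C8C9C7BF.txt"' (per-user autorun value; regsvr32 loads the referenced file as a DLL, so the .txt extension does not reflect its actual type)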
- <SYSTEM32>\wbem\wmiprvse.exe
- %APPDATA%\m154891551.txt
- %APPDATA%\Microsoft\A9C8C9C7BF.txt
- %APPDATA%\p4574894.7z
- %TEMP%\nsj2.tmp
- %APPDATA%\7z1748395.exe
- %APPDATA%\m154891551.txt
- %APPDATA%\p4574894.7z
- %APPDATA%\7z1748395.exe
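- 'ma##.one1.kz':443 (the '#' characters in the hostnames in this list appear to be masking applied by the publisher; the names are incomplete as shown)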
- 'ca.#scp.kz':443
- DNS ASK ma##.one1.kz
- DNS ASK ca.#scp.kz
- DNS ASK oc##.#omodoca.com
- ClassName: 'CicLoaderWndClass' WindowName: ''
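- '%APPDATA%\7z1748395.exe' e "%APPDATA%\p4574894.7z" -p5CdTm92qAA2yPzapcXrz -bso0 -bsp0 -y (the switches match 7-Zip command-line syntax: extraction of a password-protected archive with output suppressed; the archive password is passed in clear on the command line)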
- '<SYSTEM32>\cmd.exe' /c del "%APPDATA%\m154891551.txt" >> NUL
- '<SYSTEM32>\wbem\wmiprvse.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\m154891551.txt"
- '<SYSTEM32>\regsvr32.exe' /s "%APPDATA%\Microsoft\A9C8C9C7BF.txt"